Modify Authentication Process: Domain Controller Authentication

Other sub-techniques of Modify Authentication Process (9)

ID	Name
ATAGS-T1055.001	Domain Controller Authentication
ATAGS-T1055.002	Multi-Factor Authentication
ATAGS-T1055.003	Network Device Authentication
ATAGS-T1055.004	Network Provider DLL
ATAGS-T1055.005	Password Filter DLL
ATAGS-T1055.006	Pluggable Authentication Modules
ATAGS-T1055.007	Reversible Encryption
ATAGS-T1055.008	Conditional Access Policies
ATAGS-T1055.009	Hybrid Identity

Threat Actors may patch the authentication process on a domain controller to bypass the typical authentication mechanisms and enable access to accounts.

ID: ATAGS-T1055.001

Sub-technique of: ATAGS-T1055

ⓘ

Tactic: Execution

ⓘ

Targeted Components: Cloud Control Plane

ⓘ

Responsibility: Provider

Created: 18 April 2026

Last Modified: 18 April 2026

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.